Use Case
--------
On our local Mac (host: localmachine), logged in as the user 'johnny', we want to ssh into a remote server (host: remoteserver.com) as the user 'root', without having to type the remote user's ('root') password.
On 'localmachine'
-----------------
ssh-keygen -t rsa -b 4096
# Press enter for the defaults and do not bother with a passphrase (just hit enter)
# (without a passphrase the private key file alone is enough to log in, so keep it readable only by 'johnny')
# This generates two files, 'id_rsa' (private key) and 'id_rsa.pub' (public key)
# Rename the private key 'id_rsa' (usually found in ~/.ssh) to something like 'remoteserver_rsa.priv'
Upload id_rsa.pub to the remote server (e.g. scp .ssh/id_rsa.pub root@remoteserver.com:/root/.ssh)
On remoteserver.com (log in using ssh and the usual password authentication, e.g. ssh root@remoteserver.com (use root password))
---------------
# append newly uploaded public key to 'authorized_keys' file
cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
# If you like, you can now remove the 'id_rsa.pub' file on the remote server
rm ~/.ssh/id_rsa.pub
Note: if you now cat the 'authorized_keys' file, you will see our new public key (for 'johnny') appended.
# make sure file and directory attributes are correctly set
chmod 700 ~/.ssh && chmod 600 ~/.ssh/authorized_keys
# You are now ready to log in from your localmachine without the remote user's password.
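
The remote-side step above (append the key, then fix permissions) written as a repeatable shell function that adds the key only once and refuses a private key uploaded by mistake. This is an added example, not part of the original post; the function name add_authorized_key, its arguments and the sample key line are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): checked, repeatable version of
# the "append to authorized_keys + chmod" step. Names here are hypothetical.
add_authorized_key() {
    pubkey_file=$1
    ssh_dir=${2:-$HOME/.ssh}
    auth_file=$ssh_dir/authorized_keys

    [ -r "$pubkey_file" ] || { echo "cannot read $pubkey_file" >&2; return 1; }

    # Refuse a private key that was uploaded by mistake.
    if grep -q 'PRIVATE KEY' "$pubkey_file"; then
        echo "$pubkey_file looks like a private key, refusing" >&2
        return 2
    fi

    # A public key is one line: "<type> <base64> [comment]".
    key_line=$(grep -v '^[[:space:]]*$' "$pubkey_file" | head -n 1)
    case $key_line in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "unrecognised key type in $pubkey_file" >&2; return 3 ;;
    esac

    # Same permissions as the chmod line in the post.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 4
    touch "$auth_file" && chmod 600 "$auth_file" || return 4

    # Append only if this exact line is not already present.
    if grep -qxF -- "$key_line" "$auth_file"; then
        echo "key already present"
    else
        printf '%s\n' "$key_line" >> "$auth_file"
        echo "key added"
    fi
}

# Demo with a constructed (not real) key in a scratch directory; ~/.ssh is untouched.
demo=$(mktemp -d)
echo 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABconstructed johnny@localmachine' > "$demo/id_rsa.pub"
add_authorized_key "$demo/id_rsa.pub" "$demo/.ssh"   # prints: key added
add_authorized_key "$demo/id_rsa.pub" "$demo/.ssh"   # prints: key already present
rm -rf "$demo"
```

On the server it would be called as add_authorized_key ~/.ssh/id_rsa.pub, which defaults to the ~/.ssh directory of the logged-in user.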
On 'localmachine' (under the username 'johnny')
-----------------
# We can log into the remoteserver with the command 'ssh REMOTESERVER -l REMOTEUSER -i LOCAL_PRIVATE_KEY_FILE'
# Make sure you use the private key file that is paired with the public key file given and set up on the remote server
# (i.e. the public key file appended to the .ssh/authorized_keys file on the remote server)
ssh remoteserver.com -l root -i .ssh/remoteserver_rsa.priv
# Here we log in as the remote user 'root', the remote Linux account where we placed the public key generated by the local user 'johnny'.
# We specify the matching private key file, conveniently renamed.
Alternatively we can have an entry in the 'config' file in the local .ssh directory
# Part contents of $HOME/.ssh/config
Host remote mainremote tvserver
    HostName remoteserver.com
    User root
    Port 22
    IdentityFile ~/.ssh/remoteserver_rsa.priv
# Now we can ssh using just the alias names, such as
ssh remote
or
ssh mainremote
or
ssh tvserver
Thursday, 3 November 2022
SSH public/private keys HOWTO